biometric hand system

Since July 2017, there have been a surge of lawsuits brought against employers under the Illinois Biometric Information Privacy Act (BIPA) in Illinois courts. More than 30 class action lawsuits have been brought against employers of such companies as United Airlines Inc., Intercontinental Hotels Group, Hyatt Corp., Bob Evans Restaurants, Speedway LLC, and others for their use of biometric data in the workplace.

Although the details of each individual case may vary, the plaintiffs often allege that the employer failed to comply with the requirements of BIPA when they used fingerprint-operated machines to record employees' work hours. The growing acceptance of biometric data as a form of identification for employees means that many employers will likely have to face either these or similar issues in the immediate future.

The Illinois Biometric Information Privacy Act (BIPA)

In 2008, Illinois passed the BIPA, which provided rules for the collection and use of biometric data. Organizations must provide written notice to their employees prior to the collection of any biometric identifier. The notice must include the purpose of the collection and the duration that the organization will use or retain the data. Only after obtaining the written consent can organizations begin their collection activities. Once they have collected biometric data, the BIPA requires organizations to protect that data in the same manner it would protect other sensitive and confidential information using the reasonable standard of care in its industry. And, the BIPA requires organizations to have a publicly available, written policy stating how long the organization will retain the data and rules governing the destruction of that data.